Attestable Immutable Nodes for Kubernetes

Rethinking the Trust Boundary of Kubernetes Nodes

Most Kubernetes security mechanisms implicitly assume that worker nodes are trustworthy. In practice, this assumption is weak. The operating systems running underneath Kubernetes are often mutable, difficult to audit, and only loosely tied to what was originally provisioned. Even when containers are well isolated and supply chains are secured, a compromised or drifted node OS undermines the entire stack.

A more robust approach is to treat the node operating system as a security boundary, not just a runtime dependency. This is where immutable and attestable operating systems become relevant. By making the OS immutable and cryptographically verifiable, Kubernetes can rely on a foundation whose integrity is provable rather than assumed. ...

January 14, 2026 · 5 min · Gauthier Jolly